initial commit

modules/storage/AwsBackupFlex/main.tf

@@ -0,0 +1,64 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_backup_vault" "AbVault" {
+  for_each    = var.vaults
+  name        = each.key
+  kms_key_arn = each.value.kms_key_arn
+}
+
+resource "aws_backup_vault_policy" "AbPolicy" {
+  for_each          = aws_backup_vault.AbVault
+  backup_vault_name = each.value
+  policy = var.policy != null ? var.policy : jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Sid" : "DefaultAwsBackupPolicy"
+        "Effect" : "Allow",
+        "Principal" : {
+          "AWS" : data.aws_caller_identity.this.account_id
+        },
+        "Action" : [
+          "backup:*"
+        ],
+        "Resource" : "*"
+      }
+    ]
+  })
+}
+
+resource "aws_backup_plan" "plan" {
+  for_each = var.plans
+  name     = each.key
+  dynamic "rule" {
+    for_each = var.plans
+    content {
+      rule_name         = rule.value.rule.rule_name
+      schedule          = rule.value.rule.schedule
+      target_vault_name = rule.value.rule.target_vault_name
+      dynamic "lifecycle" {
+        for_each = rule.value.rule.lifecycle
+        content {
+          cold_storage_after = lifecycle.value.cold_storage_after
+          delete_after       = lifecycle.value.delete_after
+        }
+      }
+    }
+  }
+}
+
+resource "aws_backup_selection" "AbSelection" {
+  for_each     = var.selections
+  name         = each.key
+  iam_role_arn = each.value.iam_role_arn
+  plan_id      = each.value.plan_id
+
+  dynamic "selection_tag" {
+    for_each = each.value.selection_tags
+    content {
+      type  = selection_tag.value.type
+      key   = selection_tag.value.key
+      value = selection_tag.value.value
+    }
+  }
+}